net: usb: aqc111: Do not perform PM inside suspend callback
Summary
| CVE | CVE-2026-23446 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-03 16:16:30 UTC |
| Updated | 2026-04-07 13:21:09 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback. syzbot reports "task hung in rpm_resume". This is caused by aqc111_suspend calling the PM variant of its write_cmd routine. The simplified call trace looks like this: `rpm_suspend()` → `usb_suspend_both()` (here `udev->dev.power.runtime_status == RPM_SUSPENDING`) → `aqc111_suspend()` (called for the usb device interface) → `aqc111_write32_cmd()` → `usb_autopm_get_interface()` → `pm_runtime_resume_and_get()` → `rpm_resume()` (here we call rpm_resume() on our parent) → `rpm_resume()` (here we wait for a status change that will never happen). At this point we block another task which holds rtnl_lock and locks up the whole networking stack. Fix this by replacing the write_cmd calls with their _nopm variants. |
Risk And Classification
EPSS: 0.000240000 probability, percentile 0.066190000 (date 2026-04-07)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc 621f2f43741b51f62d767eb4752fbcefe2526926 git | Not specified |
| CNA | Linux | Linux | affected e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc 4de6a43e8ecf961feabddf0e9d6911081d2ed218 git | Not specified |
| CNA | Linux | Linux | affected e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc 3267bcb744ee8a2feabaa7ab69473f086f67fd71 git | Not specified |
| CNA | Linux | Linux | affected e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc d3e32a612c6391ca9b7c183aeec22b4fd24c300c git | Not specified |
| CNA | Linux | Linux | affected e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc 98e8aed64614b0c199d5f0391fbe1a4331cb5773 git | Not specified |
| CNA | Linux | Linux | affected e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc 069c8f5aebe4d5224cf62acc7d4b3486091c658a git | Not specified |
| CNA | Linux | Linux | affected 5.0 | Not specified |
| CNA | Linux | Linux | unaffected 5.0 semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.167 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.130 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.78 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.20 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.10 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0-rc5 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/3267bcb744ee8a2feabaa7ab69473f086f67fd71 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/d3e32a612c6391ca9b7c183aeec22b4fd24c300c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/069c8f5aebe4d5224cf62acc7d4b3486091c658a | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/4de6a43e8ecf961feabddf0e9d6911081d2ed218 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/98e8aed64614b0c199d5f0391fbe1a4331cb5773 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/621f2f43741b51f62d767eb4752fbcefe2526926 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |